Overview of IoT threats in 2023

SecureList

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Attack vectors. There are two main IoT infection routes: brute-forcing weak passwords and exploiting vulnerabilities in network services.

IoT 101

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources. The malicious code can also perform DNS and HTTP hijacking within private IP spaces. The recent campaign spanned from October 2023 to April 2024. ” concludes the report.

Malware 103

VulnRecap 2/19/2024: News from Microsoft, Zoom, SolarWinds

eSecurity Planet

Appliances with affected software must have Anyconnect SSL VPN enabled on whichever interface is exposed to the internet for an attack to occur. Palo Alto’s Unit 42 research team said that Akira led the number of ransomware posts from new leak sites in 2023. Changing passwords, secrets, and pre-shared keys.

VPN 113

FIN8-linked actor targets Citrix NetScaler systems

Security Affairs

A financially motivated actor linked to the FIN8 group exploits the CVE-2023-3519 RCE in attacks on Citrix NetScaler systems in massive attacks. The hackers are exploiting the remote code execution, tracked as CVE-2023-3519, in a large-scale campaign. The flaw CVE-2023-3519 (CVSS score: 9.8) php) on victim machines.

VPN 104

CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices

Security Affairs

Cybersecurity and Infrastructure Security Agency (CISA) warning of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting recently discovered zero-day CVE-2023-3519. “Exploits of CVE-2023-3519 on unmitigated appliances have been observed. Reimage compromised hosts.

VPN 80

ToddyCat is making holes in your infrastructure

SecureList

A connection like this created on domain controllers allows attackers to obtain the IP addresses of hosts on the internal network through DNS queries. (Figure: diagram of SSH tunnel creation.) SoftEther VPN. The next tool that the attackers used for tunneling was the server utility (VPN Server) from the SoftEther VPN package.

VPN 122

IT threat evolution Q1 2024

SecureList

In late December, in a presentation at the 37th Chaos Communication Congress (37C3), experts from our Global Research and Analysis Team (GReAT) described the attack chain in detail, including – for the first time – how the attackers exploited the CVE-2023-38606 hardware vulnerability. You can read the full analysis here.

Banking 83